Fail-Safe Failure

At least nine people were killed yesterday when a Red Line Metro Rail train crashed into a stationary train. Washington D.C. trains are equipped with the latest fail-safe technology. Accidents are not supposed to happen: trains are controlled by computers, which theoretically prevent any two trains from occupying the same space at the same time (the textbook definition of an accident).

Something failed yesterday. The key player in determining the cause was the second train's driver, Jeanice McMillan, 42. She died in the crash.

The accident occurred in full daylight. The first train had stopped due to traffic ahead. The second train, traveling at high speed while rounding a slight curve, crashed into the stationary train: the brakes had not been applied. We may never know what McMillan was doing at the time of the crash, but we can guess that she either was not looking ahead or was too panicked by what she saw coming.

It is too early to point fingers, but Metro officials have already singled out McMillan. A Metro source said McMillan was "relatively inexperienced", ranking 18th from the bottom on the seniority list of 523 train operators. She had been a Metro employee since January 2007. Train operators must first operate a bus for a year before they can apply to operate the train. They then receive about 12 weeks of training. Among the many things we will learn in the coming weeks is just how effective that training program is.

The Operator's Passive Role
Lyndsey Layton, a Washington Post staff writer, describes how the system is supposed to work:

The trains in yesterday's crash were supposed to be in automatic operation, which means the operators would have been relying on the computerized system to run the trains. The only function required of a train operator during automatic operation is to close the doors after a station stop.

This raises an interesting issue: if computers operate the trains, how much attention on the part of the driver is required? With little to do between stations, drivers may tend to "zone out" because they don't have to pay as close attention as they do when running trains manually. The computerized system creates a false sense of security.

Four years ago the signal system briefly failed in the tunnel between Foggy Bottom and Rosslyn, forcing a quick-thinking operator to stop his train manually to avoid a crash. The operator of one train noticed that he was getting too close to the train ahead. The signal system was telling him the track was clear, but he hit the brakes anyway. For reasons that we may never know, McMillan was unable to do this yesterday.

The problem may lie in the concept of a system that cannot fail. Ultimately, no mechanical system can be totally fail-safe. Perhaps DC needs to re-evaluate the role of drivers and figure out a way to keep them more actively involved on a moment-to-moment basis. We are all lulled into a false sense of security by the technical wonders that surround us. As yesterday's crash demonstrated, that security might be an illusion.